2 files changed, 57 insertions, 1 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 44bd61e9..1dab5219 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,36 @@
 Changelog
 =========
 
+* :feature:`267` (also :issue:`250`, :issue:`241`, :issue:`228`) Add GSS-API /
+  SSPI (e.g. Kerberos) key exchange and authentication support
+  (:ref:`installation docs here <gssapi>`). Mega thanks to Sebastian Deiß, with
+  assist by Torsten Landschoff.
+* :bug:`346 major` Fix an issue in private key files' encryption salts that
+  could cause tracebacks and file corruption if keys were re-encrypted. Credit
+  to Xavier Nunn.
+* :feature:`362` Allow users to control the SSH banner timeout. Thanks to Cory
+  Benfield.
+* :feature:`372` Update default window & packet sizes to more closely adhere to
+  the pertinent RFC; also expose these settings in the public API so they may
+  be overridden by client code. This should address some general speed issues
+  such as :issue:`175`. Big thanks to Olle Lundberg for the update.
+* :bug:`373 major` Attempt to fix a handful of issues (such as :issue:`354`)
+  related to infinite loops and threading deadlocks. Thanks to Olle Lundberg as
+  well as a handful of community members who provided advice & feedback via
+  IRC.
+* :support:`374` (also :issue:`375`) Old code cleanup courtesy of Olle
+  Lundberg.
+* :support:`377` Factor `~paramiko.channel.Channel` openness sanity check into
+  a decorator. Thanks to Olle Lundberg for original patch.
+* :bug:`298 major` Don't perform point validation on ECDSA keys in
+  ``known_hosts`` files, since a) this can cause significant slowdown when such
+  keys exist, and b) ``known_hosts`` files are implicitly trustworthy. Thanks
+  to Kieran Spear for catch & patch.
+
+  .. note::
+    This change bumps up the version requirement for the ``ecdsa`` library to
+    ``0.11``.
+
 * :bug:`234 major` Lower logging levels for a few overly-noisy log messages
   about secure channels. Thanks to David Pursehouse for noticing & contributing
   the fix.
diff --git a/sites/www/installing.rst b/sites/www/installing.rst
index 052825c4..5528b28a 100644
--- a/sites/www/installing.rst
+++ b/sites/www/installing.rst
@@ -20,11 +20,14 @@ We currently support **Python 2.6, 2.7 and 3.3+** (Python **3.2** should also
 work but has a less-strong compatibility guarantee from us.) Users on Python
 2.5 or older are urged to upgrade.
 
-Paramiko has two dependencies: the pure-Python ECDSA module ``ecdsa``, and the
+Paramiko has two hard dependencies: the pure-Python ECDSA module ``ecdsa``, and the
 PyCrypto C extension. ``ecdsa`` is easily installable from wherever you
 obtained Paramiko's package; PyCrypto may require more work. Read on for
 details.
 
+If you need GSS-API / SSPI support, see :ref:`the below subsection on it
+<gssapi>` for details on additional dependencies.
+
 .. _release-lines:
 
 Release lines
@@ -99,3 +102,26 @@ installation of Paramiko via ``pypm``::
     Installing paramiko-1.7.8
     Installing pycrypto-2.4
     C:\>
+
+
+.. _gssapi:
+
+Optional dependencies for GSS-API / SSPI / Kerberos
+===================================================
+
+In order to use Kerberos & related functionality, a couple of additional
+dependencies are required (these are not listed in our ``setup.py`` due to
+their infrequent utility & non-platform-agnostic requirements):
+
+* **All platforms** need `pyasn1 <https://pypi.python.org/pypi/pyasn1>`_
+  ``0.1.7`` or better.
+* **Unix** needs `python-gssapi <https://pypi.python.org/pypi/python-gssapi/>`_
+  ``0.6.1`` or better.
+* **Windows** needs `pywin32 <https://pypi.python.org/pypi/pywin32>`_ ``2.1.8``
+  or better.
+
+.. note::
+    If you use Microsoft SSPI for kerberos authentication and credential
+    delegation, make sure that the target host is trusted for delegation in the
+    active directory configuration. For details see:
+    http://technet.microsoft.com/en-us/library/cc738491%28v=ws.10%29.aspx